[Scanned/typed by John Gilmore.]
UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF CALIFORNIA
FILED
Dec 9 1 10 PM '96
RICHARD [illegible]
[illegible]
) U.S. DISTRICT COURT
) NO DIST OF CA
DANIEL J. BERNSTEIN, )
) No. C-95-0582 MHP
Plaintiff, ) MEMORANDUM AND ORDER
) DEC 16 1996
vs. ) ENTERED IN CIVIL DOCKET _____, 19__
)
UNITED STATES DEPARTMENT OF STATE )
et al., )
)
Defendants. )
__________________________________)
Plaintiff Daniel Bernstein brought this action against the
Department of State and the individually named defendants seeking
declaratory and injunctive relief from their enforcement of the Arms
Export Control Act ("AECA"), 22 U.S.C. Section 2778, and the
International Traffic in Arms Regulations ("ITAR"), 22 C.F.R. Sections
120-30 (1994), on the grounds that they are unconstitutional on their
face and as applied to plaintiff. Now before this court are
cross-motions for summary judgment on the question of whether the
licensing requirements for the export of cryptographic devices and
software covered by Part 121, Category XIII(b) of the ITAR and the
export control over related technical data constitute an impermissible
infringement on speech in violation of the First Amendment.
Having considered the parties' arguments and submissions, and for
the reason set forth below, the court enters the following memorandum
and order.
BACKGROUND [1]
At the time this action was filed, plaintiff was a PhD
candidate in mathematics at University of California at Berkeley
working in the field of cryptography, an area of applied mathematics
that seeks to develop confidentiality in electronic communication.
Plaintiff is currently a Research Assistant Professor in the Department
of Mathematics, Statistics and Computer Science at the University of
Illinois at Chicago.
I. Cryptography
Encryption basically involves running a readable message known
as "plaintext" through a computer program that translates the message
according to an equation or algorithm into unreadable "ciphertext."
Decryption is the translation back to plaintext when the message is
received by someone with an appropriate "key." The message is both
encrypted and decrypted by compatible keys.[2] The uses of cryptography
are far-ranging in an electronic age, from protecting personal messages
over the Internet and transactions on bank ATMs to ensuring the secrecy
of military intelligence. In a prepublication copy of a report done by
the National Research Council ("NRC") at the request of the Defense
Department on national cryptography policy, the NRC identified four
major uses of cryptography: ensuring data integrity, authenticating
users, facilitating nonrepudiation (the linking of a specific message
with a specific sender) and maintaining confidentiality. Tien Decl.,
Exh. E. National Research Council, National Academy of Sciences,
_Cryptography's Role in Securing the Information Society_ C-2
(Prepublication Copy May 30, 1996) (hereinafter "NRC Report").
Once a field dominated almost exclusively by governments
concerned with protecting their own secrets as well as accessing
information held by others, the last twenty years has seen the
popularization of cryptography as industries and individuals alike have
increased their use of electronic media and have sought to protect
their electronic products and communications. NRC Report at vii. As
part of this transformation, cryptography has also become a dynamic
academic discipline within applied mathematics. Appel Decl. at 5; Blaze
Decl. at 2.
As a graduate student, Bernstein developed an encryption
algorithm he calls "Snuffle." He describes Snuffle as a zero-delay
private-key encryption system. Complaint Exh. A. Bernstein has
articulated his mathematical ideas in two ways: in an academic paper in
English entitled "The Snuffle Encryption System," and in "source code"
written in "C", a high-level computer programming language,[3]
detailing both the encryption and decryption, which he calls
"Snuffle.c" and "Unsnuffle.c", respectively. Once source code is
converted into "object code," a binary system consisting of a series of
0s and ls read by a computer, the computer is capable of encrypting and
decrypting data.[4]
II. Statutory and Regulatory Background
The Arms Export Control Act authorizes the President to control
the import and export of defense articles and defense services by
designating such items to the United States Munitions List ("USML").
22 U.S.C. Section 2778(a)(1). Once on the USML, and unless otherwise
exempted, a defense article or service requires a license before it can
be imported or exported. 22 U.S.C. Section 2778(b)(2).
The International Traffic in Arms Regulations, 22 C.F.R.
Sections 120-30, were promulgated by the Secretary of State,
who was authorized by executive order to implement the AECA. The ITAR
is administered primarily within the Department of State by the
Director of the Office of Defense Trade Controls ("ODTC"), Bureau of
Politico-Military Affairs. The ITAR allows for a "commodity
jurisdiction procedure" by which the ODTC determines if an article or
service is covered by the USML when doubt exists about an item. 22
C.F.R. Section 120.4(a). Also contained in the ITAR are the licensing
requirements for defense articles, 22 C.F.R. Section 123, and
technical data, 22 C.F.R. Section 125.
Categories of items covered by the USML are enumerated at
section 121.1. Category XIII, Auxiliary Military Equipment, includes
"Cryptographic (including key management) systems, equipment,
assemblies, modules, integrated circuits, components or software with
the capability of maintaining secrecy or confidentiality of information
or information systems . . . ." 22 C.F.R. Section 121 XIII(b)(1). A
number of applications of cryptography are excluded, such as those used
in automated teller machines and certain mass market software products
that use encryption. Id.
A "defense article" is defined by the ITAR as any item or
technical data that has been designated in the USML. 22 C.F.R. Section
120.6. A "defense service" is any assistance rendered to a foreign
person in the United States or abroad in the development or use of a
defense article, 22 C.F.R. Section 120.9(a)(1), or the furnishing of
technical data to a foreign person, 22 C.F.R. Section 9(a)(2).
"Technical data" is perhaps the most confusing category of
items regulated by the ITAR since it is defined separately and _in
relation to_ defense articles, 22 C.F.R. Section 120.10, but is also
defined _as_ a defense article when it is covered by the USML. See 22
C.F.R. Section 120.6. It generally covers information "which is
required for the design development, production, manufacture, assembly,
operation, repair, testing, maintenance or modification of defense
articles. 22 C.F.R. Section 120.10. It also encompasses software
directly related to defense articles. 22 C.F.R. Section 120.10(a)(4).
Software "includes but is not limited to the system functional design,
logic flow, algorithms, application programs, operating systems and
support software for design, implementation, test operation, diagnosis
and repair." 22 C.F.R. Section 121.8(f). A person who wants to export
software that is not designated on the USML can apply for a technical
data license. 22 C.F.R. Section 121.8(f).
The definition of technical data includes some noteworthy
exemptions. Technical data "does not include information concerning
general scientific, mathematical or engineering principles commonly
taught in schools, colleges and universities or information in the
public domain . . . ." C.F.R. Section 120.10(a)(5). The public domain
exemption excludes from technical data information which is "published
and generally accessible" to the public through newsstands, bookstores,
subscriptions, libraries, conferences and trade exhibitions. 22 C.F.R.
Section 120.11(a)(1)-(6). The public domain also includes information
available to the public through fundamental research at accredited
institutions of higher learning:
Fundamental research is defined to mean basic and applied
research in science and engineering where the resulting
information is ordinarily published and shared broadly within
the scientific community, as distinguished from research the
results of which are restricted for proprietary reasons or
specific U.S. Government access and dissemination controls.
22 C.F.R. Section 120.11(a)(8). It is apparent from the ITAR, and
neither party appears to dispute it, that the public domain exceptions
apply only to technical data and not to defense articles.
Finally, "export" is defined as "[s]ending or taking a defense
article out of the United States in any manner", 22 C.F.R. Section
120.17(a)(1), and as "[d]isclosing (including oral or visual disclosure)
or transferring technical data to a foreign person, whether in the
United States or abroad". 22 C.F.R. Section 120.17(a)(4).
III. Plaintiff's Commodity Jurisdiction Determinations
On June 30, 1992 Bernstein submitted a commodity jurisdiction ("CJ")
request to the State Department to determine whether three items were
controlled by ITAR. Those items were Snuffle.c and Unsnuffle.c (together
referred to as Snuffle 5.0), each submitted in C language source files,
and his academic paper describing the Snuffle system. Complaint Exh. A.
On August 20, 1992 the ODTC informed Bernstein that after consultation
with the Departments of Commerce and Defense it had determined that the
commodity Snuffle 5.0 was a defense article on the USML under Category
XIII of the ITAR and subject to licensing by the Department of State
prior to export. The ODTC identified the item as a "stand-alone
cryptographic algorithm which is not incorporated into a finished
software product." Complaint Exh. B. The ODTC further informed plaintiff
that a commercial software product incorporating Snuffle 5.0 may not be
subject to State Department control and should be submitted as a new
commodity jurisdiction request.
Plaintiff and ODTC exchanged copious and contentious correspondence
regarding the licensing requirements during the spring of 1993. Still
unsure if his academic paper had been included in the ODTC CJ
determination of August 20, 1992, Bernstein submitted a second CJ
request on July 15, 1993, asking for a separate determination for each
of five items. Lowell Decl., Exh. 17. According to plaintiff these items
were 1) the paper, "The Snuffle Encryption System," 2) Snuffle.c, 3)
Unsnuffle.c, 4) a description in English of how to use Snuffle, and 5)
instructions in English for programming a computer to use Snuffle.[5] On
October 5, 1993 the ODTC notified Bernstein that _all_ of the referenced
items were defense articles under Category XIII(b)(1). Complaint Exh. E.
By letter dated June 29, 1995, after plaintiff had initiated this
action, the ODTC clarified that its CJ determinations pertained only to
Snuffle.c and Unsnuffle.c, which it had determined to be a defense
article on the USML. Lowell Decl., Exh. 21 at l. The ODTC further noted
that the two items of explanatory information fell within the definition
of technical data but that the paper, "The Snuffle Encryption System,"
did "not appear to meet the definition of technical data." Lowell Decl.,
Exh. 21 at 2. The June 29 letter also explains the public domain
exception to technical data without drawing a conclusion about the
applicability of that exception to the explanatory information.
This court noted, in considering defendants' motion to dismiss,
that Bernstein had every reason to believe his paper was determined to
be on the USML until June 29, 1995, and that defendants should make a
prompt and unequivocal determination as to the status of the paper.
Bernstein, 922 F.Supp. at 1434 & n.12. Plaintiff's counsel wrote to
defense counsel on May 3, 1996, seeking, among other things, such a
determination. Lowell Decl., Exh. 22. In a response dated July 25,
1996, William Lowell, Director of the ODTC, stated that their letter of
June 29, 1995 had made clear that the paper "is neither a defense
article nor technical data under the ITAR and USML. Therefore, this
item is not subject to the ITAR." Lowell Decl., Exh. 24 at 1. With
respect to the two items determined to be technical data, Lowell
clarified that their publication or teaching would not be regulated,
but that a license would be required if the object or intent of their
export was to furnish assistance to a foreign person in operating
cryptographic software. Id. at 2.
Plaintiff seeks to publish and communicate his ideas on
cryptography. Bernstein asserts that he is not free to teach the Snuffle
algorithm, to disclose it at academic conferences, or to publish it in
journals or online discussion groups without a license.
// //
LEGAL STANDARD
Under Federal Rule of Civil procedure 56, summary judgment shall be
granted "against a party who fails to make a showing sufficient to
establish the existence of an element essential to that party's case,
and on which that party will bear the burden of proof at trial . . .
since a complete failure of proof concerning an essential element of the
nonmoving party's case necessarily renders all other facts immaterial."
Celotex Corp. v. Catrett, 477 U.S. 317, 322-23 (1986); see also T.W.
Elec. Serv. v. Pacific Elec. Contractors Ass'n, 809 F.2d 626, 630 (9th
Cir. 1987) (the nonmoving party may not rely on the pleadings but must
present significant probative evidence supporting the claim); Anderson
v. Liberty Lobby, Inc., 477 U.S. 242, 248 (1986) (a dispute about a
material fact is genuine "if the evidence is such that a reasonable jury
could return a verdict for the nonmoving party.").
The court's function, however, is not to make credibility
determinations, Anderson, 477 U.S. at 249, and the inferences to be
drawn from the facts must be viewed in a light most favorable to the
party opposing the motion. T.W. Elec. Serv., 809 F.2d at 631.
Where as here, the question is purely a legal one involving no
disputes of material fact, the matter is appropriately handled on a
motion for summary judgment.
//
DISCUSSION
Plaintiff contends that the licensing scheme under the ITAR imposes
an unconstitutional prior restraint on cryptographic speech, whether
that speech is defined as a defense article or technical data. Plaintiff
further maintains that a number of terms make the ITAR vague and
overbroad in violation of the First Amendment.
Defendants argue that the ITAR, insofar as it regulates
cryptographic software, is content neutral and easily survives
intermediate scrutiny under the First Amendment. In addition, defendants
aver that the technical data provisions do not regulate scientific or
academic speech and therefore do not act as a prior restraint on speech.
Finally, defendants contend that plaintiff's overbreadth claim,
vagueness claim and his claims under the Administrative Procedure Act
("APA") are without merit.
Both parties sizable briefs in support of their motions for
summary judgment are notable for the contrast of their approaches.
Plaintiff, for his part, argues that the provisions of the ITAR at
issue violate numerous conceivable--and a few inconceivable--First
Amendment doctrines. Defendants' arguments, in contrast, while
steering closer to traditional first amendment analysis, are notable
for the conspicuous absence of discussion of the prior restraint
doctrine.
Defendants state in their opposition that the real issue in
this case is whether export licensing controls on cryptographic
software violate the First Amendment. The court agrees that this is the
central issue before it and therefore an appropriate place to begin.
Moreover, as this court has already determined that source code is
speech, Bernstein, 922 F. Supp. at 1436, and both parties agree that a
licensing scheme controls the "export" of such speech, the court turns
first to prior restraint analysis.
I. Prior Restraint
A. Analytical Framework
As the Supreme Court has stated, in determining the extent of the
constitutional protection afforded by the guarantees of the First
Amendment, "it has been generally, if not universally, considered that
it is the chief purpose of the guaranty to prevent previous restraints
upon publication." Near v. Minnesota, 283 U.S. 697, 713 (1931). It is
for this reason that the Court has held: "Any prior restraint on
expression comes to this Court with a 'heavy presumption' against its
constitutional validity." Organization for a Better Austin v. Keefe, 402
U.S. 415, 419 (1971) (citations omitted).
While prior restraints have often come in the form of judicial
injunctions on publication, see e.g., C.B.S. v. Davis, 510 U.S. 1315
(1994); New York Times Co. v. United States, 403 U.S. 713 (1971), they
are also recognized in licensing schemes. See e.g., FW/PBS, Inc. v.
Dallas, 493 U.S. 215 (l990); Lakewood v. Plain Dealer Publishing Co.,
486 U.S. 750 (1988). Governments may impose valid time, place and
manner restrictions when they are content neutral, narrowly tailored to
serve a substantial governmental interest, and leave open alternative
channels for communication. See e.g., Clark v. Community for Creative
Non-Violence, 468 U.S. 288, 293 (1984). However, "even if a government
may constitutionally impose content-neutral prohibitions on a
particular manner of speech, it may not condition that speech on
obtaining a license or permit from a government official in that
official's boundless discretion." Lakewood, 486 U.S. at 764.
It is axiomatic that the First Amendment is more tolerant of
subsequent criminal punishment of speech than it is of prior restraints
on the same speech.
The thread running through all these cases is that prior
restraints on speech and publication are the most serious and
the least tolerable infringement on First Amendment rights. A
criminal penalty or a judgment in a defamation case is subject
to the whole panoply of protections afforded by deferring the
impact of the judgment until all avenues of appellate review
have been exhausted. . . .
A prior restraint, by contrast and by definition, has an
immediate and irreversible sanction. If it can be said that a
threat of criminal or civil sanction after publication "chills"
speech, prior restraint "freezes" it at least for the time.
Nebraska Press Ass'n v. Stuart, 427 U.S. 539, 559 (196).
While the Supreme Court has consistently rejected the idea that a
prior restraint can never be employed, id. at 570, it
nonetheless begins with a presumption of invalidity. The danger inherent
in prior restraints is largely procedural, in that they
bypass the judicial process and locate in a government official the
delicate responsibility of passing on the permissibility of speech. See
Freedman v. Maryland, 380 U.S. 51, 58 (1965) (holding that "a
noncriminal process which requires the prior submission of a film to a
sensor avoids constitutional infirmity only if it takes place under
procedural safeguards designed to obviate the dangers of a censorship
system".) Freedman sets forth three procedural safeguards that have been
used by the Supreme Court to examine licensing schemes: 1) any prior
restraint to judicial review can only be imposed for a brief and
specified period during which the status quo prevails; 2) expeditious
judicial review must be available; and 3) the censor must bear the
burden of going to court to suppress speech and once there bears the
burden of proof. FW/PBS, 493 U.S. at 227 (citing Freedman, 380 U.S. at
58-60).
When the risks associated with unbridled licensing schemes are
present to a significant degree, "courts must entertain an immediate
facial attack on the law." Lakewood , 486 U.S. at 759.
B. Analysis
Plaintiff argues that the CJ process, the registration and fee
system and the licensing system under the ITAR all act as prior
restraints on his ability to communicate and publish both his source
code and its accompanying technical data. Additionally, plaintiff
contends that by failing to meet the procedural requirements of
Freedman the ITAR scheme violates the First Amendment.
Defendants analyze cryptographic software on the basis of whether
it is content based or content neutral and conclude that export controls
on source code do not regulate the content of speech and are therefore
not a prior restraint or otherwise in violation of the First Amendment.
Defendants discuss prior restraint only with respect to technical data
and contend that the prior restraint cases are inapplicable.
The court will analyze Category XIII of the USML and technical data
separately under the prior restraint doctrine.
1. Category XIII(b) of the USML
A couple of preliminary observations are in order. The first
concerns the nature of the speech involved. Plaintiff cites Hurley v.
Irish-American Gay Group of Boston, ___ U.S. ___ , 115 S.Ct. 2338
(1995), to assert that the First Amendment prevents compelled speech
and McIntyre v. Ohio Electronics Comm'n, ___ U.S. ___ , 115 S.Ct. 1511
(1995), in support of its protection of anonymous speech. Based on
these cases plaintiff advances the novel proposition that the First
Amendment also includes the right to speak confidentially, and thus,
encryption is deserving of protection because it facilitates private
communication. It is unnecessary, and this court is unwilling, to reach
this issue. The court reiterates its previous conclusion that source
code is speech. Bernstein, 922 F. Supp. at 1436. Software relating to
encryption is simply a topic of speech employed by some scientists
involved in applied research. Hence, Snuffle is speech afforded the
full protection of the First Amendment not because it enables
encryption, but because it is itself speech.
Second, defendants assume that if the ITAR export controls do not
restrict the content of protected speech they are not a prior restraint.
This misunderstands the prior restraint analysis. If a licensing scheme
does not employ sufficient procedural safeguards, it must be invalidated
not because it is necessarily content based but because it bestows on a
government official substantial power to discriminate based on the
content of the speech or to burden speech by delaying a licensing
decision. Lakewood, 486 U.S. at 759; see also FW/PBS, 493 U.S. at 229
(plurality opinion) (finding that under the ordinance at issue the city
did not pass judgment on the content of the protected speech but had an
indefinite amount of time to issue license).
Category XIII(b) of the USML--directed as it is to cryptographic
software where software includes logic flows, algorithms and source
code--covers speech protected by the First Amendment. Defendants do not
dispute that the State Department requires a license to export items
covered by Category XIII(b).[6] Furthermore, exportation as defined by
the ITAR would appear to include publication where publication, such as
posting software on the Internet or distributing it freely among
colleagues, could be said to be tantamount to sending it out of the
United States "in any manner". 22 C.F.R. Section 120.17(a)(1).
A facial challenge on the basis of prior restraint will lie
where a law has a "close enough nexus to expression, or to conduct
commonly associated with expression, to pose a real and substantial
threat of identified censorship risks." Lakewood, 486 U.S. at 759. In
Lakewood, a newspaper challenged a city ordinance which required annual
permits for newsracks on public property and gave the mayor authority
to grant or deny applications for those permits. The Court contrasted
laws that are directed at expression, such as the one governing the
circulation of newspapers, with laws of general applicability not aimed
at conduct commonly associated with expression, such as a law requiring
building permits. Id. at 760-61. The former risks self-censorship on
the part of those applying for permits and censorship on the part of
the decisionmaker. The latter rarely do.
While, as defendants assert, the bulk of the ITAR scheme may
well be viewed as a law of general applicability not aimed at
expression but at controlling the spread of defense-related commodities
abroad, the same cannot be said of Category XIII(b) of the Munitions
List. Category XIII(b) is directed very specifically at applied
scientific research and speech on the topic of encryption. That it
regulates encryption in the interest of national security does not
alone justify a prior restraint. In New York Times Co., 403 U.S. at
714, the Supreme Court invalidated a prior restraint on classified
material that had been enjoined in the interests of national security.
While that case inspired nine separate opinions on the propriety of
enjoining publication of the Pentagon Papers in The New York Times and
The Washington Post, a majority of Justices found national security,
without more, too amorphous a rationale to abrogate the protections of
the First Amendment. See id. at 719 (Black, J. and Douglas, J.,
concurring). Justice Brennan concluded that the First Amendment's ban
on prior restraints could only be overridden in time of war, id. at 726
(Brennan, J. concurring) (citing Schenck v. United States, 249 U.S. 47
(1919)), and even then, according to Justice Stewart, only when
disclosure would "surely result in direct, immediate, and irreparable
damage to our Nation or its people." Id. at 730 (Stewart, J. and White,
J. concurring). Under such an exacting standard, defendants' interests
here, in being able to break foreign encryption and conduct adequate
surveillance in "furtherance of world peace and the security and
foreign policy of the United States," 22 U.S.C. Section 2778(a)(1), are
clearly insufficient without more.
However, even though in form Category XIII(b) aims at speech,
it is arguable--and defendants assert--that its purpose is
content neutral. Yet the very nature of the technology blurs the
distinction between these two ways of understanding the
constitutionality of a regulation. With respect to encryption, the
stronger the cryptographic algorithm, the better the science and the
more noteworthy the academic speech, but also the more powerful are its
effects and therefore the greater the interest in government
regulation.[7]
However, even if the court were to determine that the
regulatory purpose behind Category XIII(b) was content neutral
that would not resolve the issue. The plurality opinion in FW/PBS
suggests that even an otherwise valid licensing scheme must still
contain adequate procedural safeguards in order to be constitutional.
There Justice O'Connor, joined by Justices Stevens and Kennedy,
stated:
Because we conclude that the city's licensing scheme lacks
adequate procedural safeguards, we do not reach the issue
decided by the Court of Appeals whether the ordinance is
properly viewed as a content-neutral time, place, and manner
restriction aimed at secondary effects arising out of the
sexually oriented businesses.
FW/PBS, 493 U.S. at 223. Thus, the court turns to the procedural
safeguards afforded by the ITAR.
As noted above, the Court in FW/PBS read Freedman to hold that
for a licensing scheme to be constitutional, 1) the licensor must make
the licensing decision within a specific and reasonable period of time;
2) there must be prompt judicial review; and 3) the censor must bear
the burden of going to court to uphold a licensing denial and once
there bears the burden of justifying the denial. FW/PBS, 493 U.S. at
227-28 (citing Freedman, 380 U.S. at 58-60).
The ITAR scheme, a paradigm of standardless discretion, fails
on every count. This court finds nothing in the ITAR that places even
minimal limits on the discretion of the licensor and hence nothing to
alleviate the danger of arbitrary or discriminatory licensing
decisions. Part 123 governing licenses for the export of defense
articles, 22 C.F.R. Section 123, lays out an extensive list of
requirements for those seeking a license but places no constraints on
the ODTC in approving or denying a license. First, there is no limit to
the time in which the ODTC must make a licensing decision. Second, not
only does the ITAR not provide for judicial review of licensing
decisions, prompt or otherwise, the AECA makes the initial designation
of items as defense articles unreviewable. 22 U.S.C. Section 2778(h).
Finally, given there is no recourse for someone denied a license, there
is no burden on the ODTC to go to court to justify the denial.
Moreover, applications for licenses can be disapproved and approved
licenses can be revoked, suspended or amended without prior notice in
the interests of national security or whenever it "is otherwise
advisable". 22 C.F.R. Section 126.7(a)(1). While the court is mindful
of the problems inherent in judicial review of ODTC licensing decisions
regarding cryptographic software, both with respect to the
sophistication of the technology and the potentially classified nature
of the licensing considerations, there must still be some review
available if the export controls on cryptographic software are to
survive the presumption against prior restraints on speech.
According to the NRC Report, some of the problems that standardless
discretion invite have been realized among commercial vendors of
cryptographic products.[8] The Report notes, for example, that virtually
all industry representatives testified that product development was
inhibited and trust eroded by the unpredictability of USML licensing, a
lengthy licensing process and the lack of an independent adjudicating
forum in which to appeal negative licensing decisions. NRC Report at
4-14, 4-15, 4-17. In addition, the risk of discriminatory treatment
associated with standardless licensing schemes was reflected in the
Report's comments that companies were reluctant to express their full
dissatisfaction with the rules and implementation of export controls
over cryptographic products for fear that "any explicit connection
between critical comments and their company might result in unfavorable
treatment of a future application for an export license for one of their
products." Id. at 4-29.
In FW/PBS, the Court declared that the first two safeguards required
by Freedman--a time limit on the licensing decision and judicial
review--were essential. FW/PBS, 493 U.S. at 228. The third requirement
that the censor bear the burdens of going to court and justifying its
decision, it concluded, depended on the nature of the licensing scheme.
Unlike the film censorship at issue in Freedman, the ordinance
considered in FW/PBS did not entail "passing judgment on the content of
any protected speech" and because the applicants were applying for a
license of their entire business and not just a single film, the
applicant had "every incentive . . . to pursue a license denial through
court." Id. at 607. For these reasons the plurality opinion concluded
that the city was not required under the First Amendment to bear the
burden of going to court or to bear the burden of proof once there. Id.
The ITAR licensing scheme for items listed in Category XIII(b) of
the USML is more like the scheme in Freedman than FW/PBS. Here the
relevant provision of the ITAR is directed at speech on a particular
subject matter--cryptography. The Supreme Court has held that "the First
Amendment's hostility to content-based regulation extends not only to a
restriction on a particular viewpoint, but also to a prohibition of
public discussion of an entire topic." Burson v. Freeman, 504 U.S. 191,
197 (1992) (citing Consolidated Edison Co. of N.Y. v. Public Service
Comm'n of N.Y., 447 U.S. 530, 537 (1980)). Furthermore, applicants must
apply for a license for each item covered by Category XIII(b) and like
the film distributor seeking approval of one film, may be deterred from
challenging the licensing decision.
For these reasons, this court concludes that the ITAR licensing
scheme of cryptographic software is subject to all three procedural
safeguards. Because it fails to provide for a time limit on the
licensing decision, for prompt judicial review and for a duty on the
part of the ODTC to go to court and defend a denial of a license, the
ITAR licensing system as applied to Category XIII(B) acts as an
unconstitutional prior restraint in violation of the First Amendment.
2. The Technical Data Provision
The same question addressed above with respect to Category XIII(b)
applies to the technical data provision: whether it establishes an
impermissible system of prior restraints.
Plaintiff argues that it does for the same reasons he advances
with respect to Category XIII(b). Plaintiff contends that despite the
exceptions for fundamental research and work in the public domain, the
technical data provisions still sweep in a good deal of scientific
speech and that a law must be scrutinized based on what it includes
rather than what it excludes. Additionally, plaintiff asserts that the
Ninth Circuit's interpretation of technical data in United States v.
Edler, 579 F.2d 516 (9th Cir. 1978), no longer saves it on prior
restraint grounds because since Edler the AECA was amended to preclude
judicial review.
Defendants contend that Edler upheld a technical data provision
that was considerably less friendly to First Amendment interests and
that since then exemptions for academic research and discussion have
been added and clarified. In addition to the exemptions of general
scientific principles and fundamental research from the definition of
technical data, defendants point to a number of scholarly articles on
cryptographic theory that have been published free of ITAR licensing.
Finally, the ODTC has indicated that it interprets the technical data
provision in a manner consistent with Edler. 49 Fed. Reg. 47683 (Dec.
6, 1984).
In Edler the Ninth Circuit reviewed a conviction under the
predecessor of the AECA for unlicensed exportation of technical data
relating to a defense article on the USML. The technical data at issue
in Edler related to a technique of tape wrapping with applications for
missile components. In an appeal of his conviction, defendant challenged
the statute and regulations on First Amendment grounds. After finding
that "an expansive interpretation of technical data relating to items
on the Munitions List could seriously impede scientific research and
publishing and international scientific exchange," 579 F.2d at 519, the
court went on to adopt a narrowing construction to save the statute. The
court construed the statute and regulations to prohibit only the export
of technical data "significantly and directly related to specific
articles on the Munitions List." Id. at 521. In addition, when
information could have both peaceful and military applications, the
court added a scienter requirement that a defendant "must know or have
reason to know that its information is intended for the prohibited use."
Id. The Ninth Circuit concluded that as construed the statute and
regulations were not overbroad and not a prior restraint on speech. Id.
This court has serious concerns about the viability of the
Edler holding, particularly in light of advanced technologies such as
cryptography and other applied sciences.[9] First, the Ninth Circuit's
reasoning in Edler is not only twenty years old, but more importantly,
it was made without the benefit of the Supreme Court's subsequent
interpretation of Freedman and the procedural safeguards required of
regulatory schemes that license speech. Second, the court notes with
some concern that in practice the technical data provision appears to
have been as confusing to those charged with implementing it as to
those potentially regulated by it. The NRC Report notes that the rules
governing technical data are particularly difficult to understand,
pointing to the fact that a cryptographic algorithm that is not
machine-readable is technical data while the same algorithm in
machine-readable form is a product.[10] The Report also provides
excerpts from the only document it found in which the ODTC explains how
the regulation of technical data relates to cryptography. NRC Report at
4-47. That 1980 document appears to be inconsistent with the Edler
construction and suggests that the technical data provision could be
used to directly regulate, and chill, academic discourse. It states:
"The public is reminded that professional and academic presentations
and informal discussions, as well as demonstrations of equipment,
constituting disclosure of cryptographic technical data to foreign
nationals are prohibited without the prior approval of this office."
Id.[11] Lastly, defendants received between 1978 and 1984 three
separate and extensive memoranda from the Department of Justice's
Office of Legal Counsel, two regarding proposed revisions to the ITAR
and one specifically addressing the constitutionality of the ITAR
restrictions on public cryptography. Tien Decl., Exhs. A-C. Each of
them concludes, despite further revision and amendment to the ITAR,
that the technical data provisions as they relate to academic and
scientific speech are in violation of the First Amendment.[12]
While this court is inclined to agree, despite revisions to the
ITAR since 1984 and especially in light of Freedman and FW/PBS, Edler
remains the law of this Circuit and this court is bound by its
holding.[13] Moreover, Edler was reaffirmed, albeit in cursory fashion,
by the Ninth Circuit in 1989. United States v. Posey, 864 F.2d 1487,
1496 (9th Cir. 1989). If the Ninth-Circuit wants to reconsider those
opinions it is free to do so, but that decision is theirs to make.
However, as this court has found that Category XIII(b) is
unconstitutional, a question the Ninth Circuit has not had an
opportunity to address, the technical data provision--only insofar as
it relates to items in Category XIII(b)--is unenforceable.
II. Vagueness and Overbreadth
The doctrines of vagueness and overbreadth have traditionally
been viewed as related and similar doctrines by the Supreme Court.
Kolender v. Lawson, 461 U.S. 352, 358 n. 8 (1983) (citations omitted).
Vague or overbroad laws deter the constitutionally protected activity
not only of the litigant, but of third parties not before the court,
and for that reason can be challenged facially. Grayned v. City of
Rockford, 408 U.S. 104, 114 (1972). The court will consider each
doctrine briefly with respect to those parts of the statute not already
adjudicated. The court will not address Category XIII(b) but will
consider other provisions and amendments to the technical data
provision that were not in effect at the time of Edler.
A. Vagueness
Due process requires that laws clearly define their prohibitions.
Grayned, 408 U.S. at 108. Vague laws are objectionable for multiple
reasons. First, because they do not "give the person of ordinary
intelligence a reasonable opportunity to know what is prohibited," they
do not provide fair warning to those who wish to act lawfully. Id.
Second, a "vague law impermissibly delegates basic policy matters to
policemen, judges, and juries" allowing for "arbitrary and
discriminatory application." Id. at 108-09. Finally, a vague law
touching on rights protected by the First Amendment inhibits the
exercise of those rights; uncertainty can cause speakers to say less.
Id. at 109. Therefore, when First Amendment interests are at stake, an
even greater degree of specificity is required. Buckley v. Valeo, 424
U.S. 1, 77 (1976); Bullfrog Films, Inc. v. Wick, 847 F.2d 502, 512 (9th
Cir. 1988) (citing N.A.A.C.P. v. Button, 371 U.S. 415, 432-33 (1963)).
However, for a claim of facial vagueness to survive, the deterrent
effect of the statute on protected expression must be "real and
substantial" and not easily narrowed by a court. Young v. American Mini
Theaters, Inc., 427 U.S. 50, 60 (1976).
Plaintiff asserts that the AECA is impermissibly vague in that the
statute lacks standards sufficient to guide its application by
administrators, thus giving rise to arbitrary and discriminatory
enforcement. Plaintiff also charges vagueness with respect to the ITAR
terms "defense articles," "defense services," "technical data," "public
domain," and "export." Defendants dispute each of these contentions.
Plaintiff's argument that the AECA itself is vague is best
characterized as an issue under the APA, which, if it still appears
necessary to address, the court defers to another day.[14] Grayned, on
which plaintiff relies for support, was concerned with the delegation of
policy matters to police, judges and juries, entities not normally
entrusted with policy decisions. In contrast, the AECA, like many
federal statutes, delegates to federal agencies and departments the
responsibility of making more detailed policy decisions in the course of
promulgating regulations under the law. Here, one set of policy makers
has entrusted other policy makers with sensitive policy issues. This was
not the situation in Grayned and it does not implicate the vagueness
doctrine.
Plaintiff also argues that the ITAR is impermissibly vague in
that the definitions of "defense articles," "defense services," and
"technical data" all encompass the others. Specifically, a defense
article "means any item _or technical data_ designated in Section 121.1
of this subchapter." 22 C.F.R. Section 120.6 (emphasis added).
Technical data, as defined in the ITAR and by the court in Edler, is
information required for the manufacture or operation of defense
articles or information directly relating to defense articles. 22
C.F.R. Section 120.10. The definition of defense services distinguishes
between defense articles and technical data. 2 C.F.R. Section 120.9.
Defendants argue that technical data is defined separately in the ITAR
and in a manner that distinguishes it from actual commodities treated
as defense articles such that it is not a defense article itself.
However, the exact language of the ITAR does not comport with
defendants' characterization of it. The definition of defense articles
_includes_ technical data, which according to its own definition can only
be understood _in relation to_ defense articles. To say this is vague
would be generous, but it need not be voided for it is easily cured.
The phrase "or technical data" as well as the third sentence of the
definition referring to technical data must be removed from the
definition of defense article. Accordingly, items listed on the USML
are defense articles and information relating directly to them are
technical data. Read in this way, the three terms are not impermissibly
vague.
Plaintiff next claims that the exemptions to the definition of
technical data are vague, specifically the public domain exemption and
the academic exemption. Plaintiff claims that the public domain
exemption presents a classic catch-22 in which items that are already
published are exempted but publishing an item can invite prosecution
under the ITAR. The definition of public domain includes "information
which is published and which is generally accessible or available to
the public" through a number of channels, including newsstands,
bookstores, libraries and subscriptions. 22 C.F.R. Section
120.11(a)(1)-(7). With respect to subsections (1) though (7), this
exemption is fairly well-defined, and not vague. It gives a person of
ordinary intelligence concrete examples of the kinds of items that are
in the public domain. The catch-22 plaintiff complains of is inherent
in a licensing scheme rather than in the statute's definitional terms
and as such, has been addressed in the court's discussion of prior
restraint.
However, the same cannot be said of section 120.11(a)(8), which
contains the exemption for information available to the public "through
fundamental research in science and engineering". 22 C.F.R. Section
120.11(a)(8). This subsection, like the academic exemption which
exempts "general scientific, mathematical or engineering principles"
commonly taught in schools and universities, 22 C.F.R. Section
120.10(a)(5), does not give people, particularly those of arguably
extraordinary intelligence who are themselves engaged in the applied
sciences, "a reasonable opportunity to know what is prohibited".
Grayned, 408 S.Ct. at 108. Given the direct application of these
exemptions to First Amendment protections, the uncertainty created in
scientists about what speech is subject to regulation under the ITAR is
unacceptable.
For example, fundamental research is defined as "basic and applied
research in science and engineering where the resulting information is
ordinarily published and shared broadly within the scientific
community". 22 C.F.R. Section 120.11(a)(8). As defendants themselves
repeatedly attest, cryptographic algorithms and theory are often
published in scientific journals. Crowell Decl., Exhs. 1-10; Joint
Statement of Undisputed Facts s 9. However, cryptographic algorithms are
also covered by Category XIII(b) of the USML. Given these two facts, it
would be hard for scientists to discern when their work was a defense
article and when it was wholly exempt from the ITAR without going
through a CJ determination before any effort at publication. In fields
of applied science, what is commonly taught in universities may well
overlap with what the government might choose to regulate. In this
instance the deterrent effect on protected expression appears both real
and substantial. Young v. American Mini Theaters, Inc., 427 U.S. at 60.
These academic exemptions from the definition of technical data, 22
C.F.R. Sections 120.10(a)(5) & 120.11(a)(8), are accordingly void for
vagueness.
Lastly, plaintiff challenges the term "export" as vague for two
reasons. First, because it encompasses publishing and second,
because what constitutes an export depends on whether an item is defined
as a defense article or as technical data and those definitions are
themselves vague. The first issue is more properly one of overbreadth
and will be addressed below. The second is clarified by the
modifications made by the court to the definition of defense article.
Export is defined as "[s]ending or taking a defense article out
of the United States in any manner", 22 C.F.R. Section 120.17(a)(1),
and as "[d]isclosing (including oral or visual disclosure) or
transferring technical data to a foreign person, whether in the United
States or abroad". 22 C.F.R. Section 120.17(a)(4). The NRC Report
states that "[t]here is uncertainty about what specific act constitutes
the 'export' of software products with encryption capabilities." NRC
Report at 4-16. The Report gives the example of uploading an encryption
product to an Internet site in the United States where it can be
downloaded by a user in another country, and asks if the exportation is
in the upload or the download. NRC Report at 416, 4-17. This example
appears to point out the uncertainty in what acts can actually be
prosecuted under the ITAR more than any uncertainty in the definition
of export. It seems reasonably clear that uploading an item to an
Internet site that can be accessed in a foreign country constitutes
"sending" a defense article out of the country. The court does not find
that the term "export" is impermissibly vague.
B. Overbreadth
In a facial challenge to a law on grounds of overbreadth, a court
must first "determine whether the enactment reaches a substantial amount
of constitutionally protected conduct. If it does not, then the
overbreadth challenge must fail." Village of Hoffman Est. v. Flipside,
Hoffman Est., 455 U.S. 489, 494 (1982).
Facial overbreadth is concededly "strong medicine" employed as a
last resort when a limiting construction cannot be applied to a statute.
Broadrick v. Oklahoma, 413 U.S. 601, 613 (1973). In Members of the City
Council of Los Angeles v. Taxpayers for Vincent, 466 U.S. 789 (1984),
the Court noted that "where the statute unquestionably attaches
sanctions to protected conduct, the likelihood that the statute will
deter that conduct is ordinarily sufficiently great to justify an
overbreadth attack." Id. at 801 n.19 (citing Erznoznik v. City of
Jacksonville, 422 U.S. 205 (1975)). However, the Court also clarified
the application of substantial facial overbreadth, saying there must be
a "realistic danger that the statute itself will significantly
compromise recognized First Amendment protections of parties not before
the Court . . . ." Id. at 801. Merely being able to conceive of "some
impermissible applications of a statute" is insufficient. Id. at 800.
Defendants argue that although the traditional rules of
standing are modified in the context of an overbreadth challenge on
First Amendment grounds, Brockett v. Spokane Arcades, Inc., 472 U.S.
491, 503 (1984) (noting cases holding that one whose own speech is
validly prohibited by statute may still challenge statute facially
because it threatens others not before the court), that is not the case
where the party before the court seeks to engage in protected speech
that the statute purports to punish. In that case, there is "no want of
a proper party to challenge the statute, no concern that an attack on
the statute will be unduly delayed or protected speech discouraged."
Brockett, 472 U.S. at 504. Accordingly defendants assert that because
plaintiff cannot show a significant difference between his claims and
those of third parties, the court must consider the overbreadth
challenge as applied to plaintiff. Plaintiff disputes this by citing
cases emphasizing that if a statute's overbreadth is substantial and
its chilling effect significant, the entire statute may be invalidated
to protect the First Amendment. Lind v. Grimme, 30 F.2d 115, 1122 (9th
Cir. 1994), cert. den sub nom. Want v. Lind, 115 S.Ct. 902 (1995)
(distinguishing cases in which the only unconstitutional application
was the one directed at the party before the court and where the
chilling effect could be obviated by partial invalidation); see also
Board of Airport Comm'rs of Los Angeles v. Jews for Jesus. Inc., 482
U.S. 569, 573-74 (1987).
The court need not resolve this dispute over standing because
the issues left unresolved are few, and for those that remain the
nature of the challenge will not make a difference. The First Amendment
does not "render inapplicable the rule that a federal court should not
extend its invalidation of a statute further than is necessary to
dispose of the case before it." Brockett, 472 U.S. at 502 (citation
omitted). The court is mindful of that admonition. It has ruled on
Category XIII(b) and technical data generally under prior restraint
analysis; it has offered a curing instruction for the definition of
"defense articles" and has invalidated the academic exemptions to
technical data on vagueness grounds. All that remains are plaintiff's
claims that the definition of export is overbroad and that the entire
ITAR scheme is overbroad in that it assumes that all foreigners are
terrorists. The latter strikes the court as patently absurd. The former
can be disposed of quickly.
As noted above, "export" is defined with respect to defense
articles as "[s]ending or taking a defense article out of the United
States in any manner", 22 C.F.R. Section 120.17(a)(1). With respect to
technical data it means "[d]isclosing (including oral or visual
disclosure) or transferring technical data to a foreign person, whether
in the United States or abroad". 22 C.F.R. Section 120.17(a)(4). The
provision governing the exportation of defense articles is clearly
aimed mainly at conduct--at shipping tanks, missiles and the like
abroad. Yet in regulating cryptographic software it also sweeps in
speech. While the overbreadth of the provision in this respect is real,
the court cannot say that it is "substantial as well, judged in
relation to the statute's plainly legitimate sweep." Broadrick, 413
U.S. at 615. With respect to the export of technical data, this court
is again bound by Edler regardless of whether it agrees with that
disposition. There the Ninth Circuit added a scienter requirement to
the prohibition against exporting technical data in order to cure the
overbreadth problem. Edler, 579 F.2d at 521.
Accordingly, neither the definition of export nor the ITAR
scheme as a whole is unconstitutionally overbroad.
III. Administrative Procedures Act
In light of the foregoing, the court finds it unnecessary to reach
the claims brought by plaintiff under the APA.
IV. Preliminary Injunction
Plaintiff also seeks a preliminary injunction to enjoin the
government from prosecuting him under the ITAR and AECA for his teaching
activities. Plaintiff plans to teach a class on the theory and practice
of cryptography at the University of Illinois at Chicago beginning in
January of 1997. Plaintiff believes that foreign students may take his
class and intends to post class materials, including cryptographic
algorithms, on the University's Internet website for students to access.
Defendants assert that a preliminary injunction is unwarranted
because teaching a class on cryptography does not violate the
regulations. They also argue that the motion for a preliminary
injunction is merely an attempt by plaintiff to circumvent
export controls by distributing cryptographic software abroad in the
name of academic freedom.
The court notes that an injunction appears hasty given the relative
positions of the parties. The government seems to suggest that teaching
a class on cryptography, regardless of the nationality of the students,
is not the problem; the concern is with posting material on the Internet
without limiting access. Assuming the government is sincere about its
limited objections and that plaintiff could easily limit access to the
class material he posts so that it is not available internationally, it
is not clear why the parties could not enter into a stipulation.
In view of the fact that the court has ruled on the merits and
has found certain provisions of the ITAR invalid, plaintiff cannot be
prosecuted under those provisions absent reversal on appeal.
Therefore, at this time there is no immediate threat of injury and no
need to rule on the preliminary injunction.[15] The motion for a
preliminary injunction is denied without prejudice. If plaintiff is
threatened with prosecution, he may return to this court and renew the
motion.
// // //
CONCLUSION
For the reasons set forth above, IT IS HEREBY ORDERED that
plaintiff's motion for summary judgment is GRANTED in part and DENIED in
part. Defendants' motion for summary judgment is likewise GRANTED in
part and DENIED in part. Plaintiff's motion for a preliminary injunction
is DENIED without prejudice.
IT IS SO ORDERED.
Dated: Dec. 6, 1996 [signature]
______________ ______________________________
MARILYN HALL PATEL
United States District Judge
ENDNOTES
1. Some of the information in this section is taken directly
from the court's previous opinion in this action, Bernstein v.
United States Dept. of State, 922 F. Supp. 1426, 1428-30 (N.D.
Cal. 1996), and is repeated here for its relevance to the present
motion. Additional information comes from the parties'
submissions or other sources as indicated.
2. In symmetric cryptography the encryption key is the same as
the decryption key. Asymmetric, or public-key, cryptography uses
different keys for encryption and decryption and generally only
the encryption key is disclosed.
3. Source code is the text of a source program and is generally
written in a high-level language that is two or more steps
removed from machine language which is a low-level language.
High-level languages are closer to natural language than low-
level languages which direct the functioning of the computer.
Source code must be translated by way of a translating program
into machine language before it can be read by a computer. The
object code is the output of that translation. It is possible to
write a source program in a high-level language without knowing
about the actual functions of the computer that carry out the
program. _Encyclopedia of Computer Science_ 962, 1263-64 (Anthony
Ralston & Edwin D. Reilly eds., 3d ed. 1995)
4. The parties disagree about whether the computer code
submitted by plaintiff to the State Department is technically
"software." The court notes that 22 C.F.R. 121.8(f) defines
"software" for the purposes of the AECA. That definition is
descriptive of content, however, and does not define the actual
format or physical form of the software. However, 22 C.F.R.
120.4(d)(2), pertaining to the commodity jurisdiction procedure,
contains the note that for the purposes of software, "form
denotes language, language level and media" while the function is
"the action or actions it is designated to perform." For the
purposes of this motion the court need not resolve this issue
since regardless of Snuffle's exact form, it appears to meet the
definitions contained in the statute and the ODTC has subjected
it to the licensing requirements.
5. The CJ request of July 15, 1993, refers to the items as
DJBCJF-2, DJBCJF-3, DJBCJF-4, DJBCJF-5, and DJBCJF-6 without
distinguishing information. Complaint Exh. D.
6. Plaintiff contends that the CJ process, the registration and
fee system, the licensing system and the recordkeeping mandate
all function as a prior restraint on speech. For the purpose of
this motion, this is overkill. Defendants do not dispute the
licensing system for defense articles. As defendants point out,
the CJ process is voluntary, although it appears to function as a
pre-licensing system. The court will analyze the ITAR mainly
with respect to the licensing system itself.
7. One might make the argument that encryption software could
be validly regulated for its "secondary effects," much like adult
theaters were in Young v. American Mini-Theaters, Inc., 427 U.S.
50 (1975), and Renton v. Playtime Theaters, Inc., 475 U.S. 41
(1986), where the Supreme Court upheld zoning ordinances aimed at
the secondary effects of such theaters in the surrounding
community. However, the secondary effects rationale has never
been extended beyond sexually explicit speech. See Boos v.
Barry, 485 U.S. 312 (1988) (refusing to apply the rationale to
political speech).
8. The court recognizes that the vendors the NRC Report
discusses have different speech interests in cryptography than
academic scientists. However, the Report is nonetheless valuable
for its up-to-date insights into the actual implementation of the
ITAR export controls over cryptographic products.
9. The NRC Report states that the recent lawsuits in this area,
including the instant one, "suggest quite strongly that the
traditional national security paradigm of export controls on
cryptography (one that is biased toward denial rather than
approval) is stretched greatly by current technology. Put
differently, when the export control regime is pushed to an
extreme, it appears manifestly ridiculous." NRC Report at 4-33.
10. This is like the controversy surrounding Bruce Schneier's
book, _Applied Cryptography_, which was the subject of litigation
similar to the present action. See Karn v. United States Dept.
of State, 925 F. Supp. 1 (D.D.C. 1996). The book contained
source code for cryptography as well as a disk containing the
identical source code. Karn received permission to export the
book but not the disk. The NRC Report commented on the general
dismay with which the academic cryptography community greeted
this decision, repeating their quip: "They think terrorists can't
type?" NRC Report at 4-48.
11. Also suggestive of the confusion surrounding application of
this provision is the manner in which the ODTC handled the CJ
determination of plaintiff's paper. Based on this court's
understanding of the correspondence between ODTC and
Bernstein, the paper was initially determined to be on the USML.
See Bernstein, 922 F. Supp. at 1434. Although the ODTC claims
this was because Bernstein presented his application in a
confusing manner, it still took nearly two years for the ODTC to
determine only that the paper did not "appear" to be technical
data. In a letter sent to plaintiff since the court issued its
opinion, the ODTC clarified that the paper was not technical
data.
12. In an August 29, 1978 letter to Colonel Kay in the Office of
Science and Technology Policy concerning the then recent decision
in Edler, the Office of Legal Counsel stated that
while the Ninth Circuit's decision is helpful in resolving
First Amendment issues with respect to blueprints and
similar types of technical data used as a basis for
producing military equipment, we do not believe that it
either resolves the First Amendment issues presented by
restrictions on the export of cryptographic ideas or
eliminates the need to reexamine the ITAR.
Tien Decl., Exh. D at 2.
13. The court disagrees with plaintiff's contention that the
elimination of judicial review allows for reconsideration of
Edler. The judicial review provision, which was added in 1989,
does not address licensing decisions but precludes judicial
review only as to the designation of items as defense articles or
services. 22 U.S.C. 2778(h).
14. This set of summary judgment motions was set specifically to
address First Amendment issues.
15. In order to establish injury plaintiff need not "expose
himself to actual arrest or prosecution . . . ." Steffel v.
Thompson, 415 U.S. 452, 459 (1974). However, neither can the
threat of prosecution be speculative. Id.; Caribbean Marine
Servs. Co., Inc. v. Baldridge, 844 F.2d 668, 675 (9th Cir. 1988).